package com.qf.config;

import com.qf.filter.TokenFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests()
                .antMatchers("/tenant/login","/tenant/register","/tenant/verifyToken","/smsCode/**","/pay-result-notify","/pay/**","/package/**","/package-order/**","/package-tenant-perms/**","/device/auth","/device/cmd")
                .permitAll() //白名单
                .anyRequest()
                .authenticated();
        //禁用csrfFilter
        http.csrf().disable();
        //允许跨域访问
        http.cors();
        //向过滤器链中添加过滤器
        http.addFilterBefore(new TokenFilter(authenticationManager()), FilterSecurityInterceptor.class);

    }
}
